hashicorp · ewbankkit · Oct 6, 2023 · Oct 3, 2023 · Oct 3, 2023 · Oct 3, 2023
@@ -0,0 +1,3 @@
+```release-note:new-resource
+aws_verifiedaccess_instance_trust_provider_attachment
+```
@@ -16,7 +16,7 @@ import (
 	"github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
 	tfawserr_sdkv2 "github.com/hashicorp/aws-sdk-go-base/v2/tfawserr"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"
-	"github.com/hashicorp/terraform-provider-aws/internal/slices"
+	tfslices "github.com/hashicorp/terraform-provider-aws/internal/slices"
 	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 	"github.com/hashicorp/terraform-provider-aws/internal/types"
 )
@@ -3256,7 +3256,7 @@ func FindVPCEndpointServicePermission(ctx context.Context, conn *ec2.EC2, servic
 		return nil, err
 	}
 
-	allowedPrincipals = slices.Filter(allowedPrincipals, func(v *ec2.AllowedPrincipal) bool {
+	allowedPrincipals = tfslices.Filter(allowedPrincipals, func(v *ec2.AllowedPrincipal) bool {
 		return aws.StringValue(v.Principal) == principalARN
 	})
 
@@ -7075,6 +7075,24 @@ func FindVerifiedAccessInstanceByID(ctx context.Context, conn *ec2_sdkv2.Client,
 	return output, nil
 }
 
+func FindVerifiedAccessInstanceTrustProviderAttachmentExists(ctx context.Context, conn *ec2_sdkv2.Client, vaiID, vatpID string) error {
+	output, err := FindVerifiedAccessInstanceByID(ctx, conn, vaiID)
+
+	if err != nil {
+		return err
+	}
+
+	for _, v := range output.VerifiedAccessTrustProviders {
+		if aws_sdkv2.ToString(v.VerifiedAccessTrustProviderId) == vatpID {
+			return nil
+		}
+	}
+
+	return &retry.NotFoundError{
+		LastError: fmt.Errorf("Verified Access Instance (%s) Trust Provider (%s) Association not found", vaiID, vatpID),
+	}
+}
+
 func FindVerifiedAccessTrustProvider(ctx context.Context, conn *ec2_sdkv2.Client, input *ec2_sdkv2.DescribeVerifiedAccessTrustProvidersInput) (*awstypes.VerifiedAccessTrustProvider, error) {
 	output, err := FindVerifiedAccessTrustProviders(ctx, conn, input)
 

@@ -10,6 +10,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
 	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
+	"github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/id"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -174,6 +175,10 @@ func resourceVerifiedAccessInstanceDelete(ctx context.Context, d *schema.Resourc
 		VerifiedAccessInstanceId: aws.String(d.Id()),
 	})
 
+	if tfawserr.ErrCodeEquals(err, errCodeInvalidVerifiedAccessInstanceIdNotFound) {
+		return diags
+	}
+
 	if err != nil {
 		return sdkdiag.AppendErrorf(diags, "deleting Verified Access Instance (%s): %s", d.Id(), err)
 	}

@@ -0,0 +1,144 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package ec2
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/ec2"
+	"github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/id"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+	"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
+	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
+)
+
+// @SDKResource("aws_verifiedaccess_instance_trust_provider_attachment", name="Verified Access Instance Trust Provider Attachment")
+func ResourceVerifiedAccessInstanceTrustProviderAttachment() *schema.Resource {
+	return &schema.Resource{
+		CreateWithoutTimeout: resourceVerifiedAccessInstanceTrustProviderAttachmentCreate,
+		ReadWithoutTimeout:   resourceVerifiedAccessInstanceTrustProviderAttachmentRead,
+		DeleteWithoutTimeout: resourceVerifiedAccessInstanceTrustProviderAttachmentDelete,
+
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"verifiedaccess_instance_id": {
+				Type:     schema.TypeString,
+				ForceNew: true,
+				Required: true,
+			},
+			"verifiedaccess_trust_provider_id": {
+				Type:     schema.TypeString,
+				ForceNew: true,
+				Required: true,
+			},
+		},
+	}
+}
+
+func resourceVerifiedAccessInstanceTrustProviderAttachmentCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	var diags diag.Diagnostics
+	conn := meta.(*conns.AWSClient).EC2Client(ctx)
+
+	vaiID := d.Get("verifiedaccess_instance_id").(string)
+	vatpID := d.Get("verifiedaccess_trust_provider_id").(string)
+	resourceID := VerifiedAccessInstanceTrustProviderAttachmentCreateResourceID(vaiID, vatpID)
+	input := &ec2.AttachVerifiedAccessTrustProviderInput{
+		ClientToken:                   aws.String(id.UniqueId()),
+		VerifiedAccessInstanceId:      aws.String(vaiID),
+		VerifiedAccessTrustProviderId: aws.String(vatpID),
+	}
+
+	output, err := conn.AttachVerifiedAccessTrustProvider(ctx, input)
+
+	if err != nil || output == nil {
+		return sdkdiag.AppendErrorf(diags, "creating Verified Access Instance Trust Provider Attachment (%s): %s", resourceID, err)
+	}
+
+	d.SetId(resourceID)
+
+	return append(diags, resourceVerifiedAccessInstanceTrustProviderAttachmentRead(ctx, d, meta)...)
+}
+
+func resourceVerifiedAccessInstanceTrustProviderAttachmentRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	var diags diag.Diagnostics
+	conn := meta.(*conns.AWSClient).EC2Client(ctx)
+
+	vaiID, vatpID, err := VerifiedAccessInstanceTrustProviderAttachmentParseResourceID(d.Id())
+	if err != nil {
+		return sdkdiag.AppendFromErr(diags, err)
+	}
+
+	err = FindVerifiedAccessInstanceTrustProviderAttachmentExists(ctx, conn, vaiID, vatpID)
+
+	if !d.IsNewResource() && tfresource.NotFound(err) {
+		log.Printf("[WARN] EC2 Verified Access Instance Trust Provider Attachment (%s) not found, removing from state", d.Id())
+		d.SetId("")
+		return diags
+	}
+
+	if err != nil {
+		return sdkdiag.AppendErrorf(diags, "reading Verified Access Instance Trust Provider Attachment (%s): %s", d.Id(), err)
+	}
+
+	d.Set("verifiedaccess_instance_id", vaiID)
+	d.Set("verifiedaccess_trust_provider_id", vatpID)
+
+	return diags
+}
+
+func resourceVerifiedAccessInstanceTrustProviderAttachmentDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	var diags diag.Diagnostics
+	conn := meta.(*conns.AWSClient).EC2Client(ctx)
+
+	vaiID, vatpID, err := VerifiedAccessInstanceTrustProviderAttachmentParseResourceID(d.Id())
+	if err != nil {
+		return sdkdiag.AppendFromErr(diags, err)
+	}
+
+	log.Printf("[INFO] Deleting Verified Access Instance Trust Provider Attachment: %s", d.Id())
+	_, err = conn.DetachVerifiedAccessTrustProvider(ctx, &ec2.DetachVerifiedAccessTrustProviderInput{
+		ClientToken:                   aws.String(id.UniqueId()),
+		VerifiedAccessInstanceId:      aws.String(vaiID),
+		VerifiedAccessTrustProviderId: aws.String(vatpID),
+	})
+
+	if tfawserr.ErrCodeEquals(err, errCodeInvalidVerifiedAccessTrustProviderIdNotFound) {
+		return diags
+	}
+
+	if err != nil {
+		return sdkdiag.AppendErrorf(diags, "deleting Verified Access Instance Trust Provider Attachment (%s): %s", d.Id(), err)
+	}
+
+	return diags
+}
+
+const verifiedAccessInstanceTrustProviderAttachmentResourceIDSeparator = "/"
+
+func VerifiedAccessInstanceTrustProviderAttachmentCreateResourceID(vaiID, vatpID string) string {
+	parts := []string{vaiID, vatpID}
+	id := strings.Join(parts, verifiedAccessInstanceTrustProviderAttachmentResourceIDSeparator)
+
+	return id
+}
+
+func VerifiedAccessInstanceTrustProviderAttachmentParseResourceID(id string) (string, string, error) {
+	parts := strings.Split(id, verifiedAccessInstanceTrustProviderAttachmentResourceIDSeparator)
+
+	if len(parts) == 2 && parts[0] != "" && parts[1] != "" {
+		return parts[0], parts[1], nil
+	}
+
+	return "", "", fmt.Errorf("unexpected format for ID (%[1]s), expected VerifiedAccessInstanceID%[2]sVerifiedAccessTrustProviderID", id, verifiedAccessInstanceTrustProviderAttachmentResourceIDSeparator)
+}
@@ -0,0 +1,147 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package ec2_test
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/terraform"
+	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+	tfec2 "github.com/hashicorp/terraform-provider-aws/internal/service/ec2"
+	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
+	"github.com/hashicorp/terraform-provider-aws/names"
+)
+
+func TestAccVerifiedAccessInstanceTrustProviderAttachment_basic(t *testing.T) {
+	ctx := acctest.Context(t)
+	resourceName := "aws_verifiedaccess_instance_trust_provider_attachment.test"
+	instanceResourceName := "aws_verifiedaccess_instance.test"
+	trustProviderResourceName := "aws_verifiedaccess_trust_provider.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			testAccPreCheckVerifiedAccessInstance(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.EC2),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckVerifiedAccessInstanceTrustProviderAttachmentDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccVerifiedAccessInstanceTrustProviderAttachmentConfig_basic(),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckVerifiedAccessInstanceTrustProviderAttachmentExists(ctx, resourceName),
+					resource.TestCheckResourceAttrPair(resourceName, "verifiedaccess_instance_id", instanceResourceName, "id"),
+					resource.TestCheckResourceAttrPair(resourceName, "verifiedaccess_trust_provider_id", trustProviderResourceName, "id"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccVerifiedAccessInstanceTrustProviderAttachment_disappears(t *testing.T) {
+	ctx := acctest.Context(t)
+	resourceName := "aws_verifiedaccess_instance_trust_provider_attachment.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			testAccPreCheckVerifiedAccessInstance(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.EC2),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckVerifiedAccessInstanceTrustProviderAttachmentDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccVerifiedAccessInstanceTrustProviderAttachmentConfig_basic(),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckVerifiedAccessInstanceTrustProviderAttachmentExists(ctx, resourceName),
+					acctest.CheckResourceDisappears(ctx, acctest.Provider, tfec2.ResourceVerifiedAccessInstanceTrustProviderAttachment(), resourceName),
+				),
+				ExpectNonEmptyPlan: true,
+			},
+		},
+	})
+}
+
+func testAccCheckVerifiedAccessInstanceTrustProviderAttachmentExists(ctx context.Context, n string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Client(ctx)
+
+		vaiID, vatpID, err := tfec2.VerifiedAccessInstanceTrustProviderAttachmentParseResourceID(rs.Primary.ID)
+		if err != nil {
+			return err
+		}
+
+		err = tfec2.FindVerifiedAccessInstanceTrustProviderAttachmentExists(ctx, conn, vaiID, vatpID)
+
+		return err
+	}
+}
+
+func testAccCheckVerifiedAccessInstanceTrustProviderAttachmentDestroy(ctx context.Context) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Client(ctx)
+
+		for _, rs := range s.RootModule().Resources {
+			if rs.Type != "aws_verifiedaccess_instance_trust_provider_attachment" {
+				continue
+			}
+
+			vaiID, vatpID, err := tfec2.VerifiedAccessInstanceTrustProviderAttachmentParseResourceID(rs.Primary.ID)
+			if err != nil {
+				return err
+			}
+
+			err = tfec2.FindVerifiedAccessInstanceTrustProviderAttachmentExists(ctx, conn, vaiID, vatpID)
+
+			if tfresource.NotFound(err) {
+				continue
+			}
+
+			if err != nil {
+				return err
+			}
+
+			return fmt.Errorf("Verified Access Instance Trust Provider Attachment %s still exists", rs.Primary.ID)
+		}
+
+		return nil
+	}
+}
+
+func testAccVerifiedAccessInstanceTrustProviderAttachmentConfig_basic() string {
+	return `
+resource "aws_verifiedaccess_instance" "test" {}
+
+resource "aws_verifiedaccess_trust_provider" "test" {
+  device_trust_provider_type = "jamf"
+  policy_reference_name      = "test"
+  trust_provider_type        = "device"
+
+  device_options {
+    tenant_id = "test"
+  }
+}
+
+resource "aws_verifiedaccess_instance_trust_provider_attachment" "test" {
+  verifiedaccess_instance_id       = aws_verifiedaccess_instance.test.id
+  verifiedaccess_trust_provider_id = aws_verifiedaccess_trust_provider.test.id
+}
+`
+}
@@ -11,6 +11,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
 	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
+	"github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
@@ -259,6 +260,10 @@ func resourceVerifiedAccessTrustProviderDelete(ctx context.Context, d *schema.Re
 		VerifiedAccessTrustProviderId: aws.String(d.Id()),
 	})
 
+	if tfawserr.ErrCodeEquals(err, errCodeInvalidVerifiedAccessTrustProviderIdNotFound) {
+		return diags
+	}
+
 	if err != nil {
 		return sdkdiag.AppendErrorf(diags, "deleting Verified Access Trust Provider (%s): %s", d.Id(), err)
 	}